The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

The compat_alloc_user_space() function in the Linux kernel 32/64-bit
compatibility layer implementation was missing sanity checks. This function
could be abused in other areas of the Linux kernel if its length argument
can be controlled from user-space. On 64-bit systems, a local, unprivileged
user could use this flaw to escalate their privileges. (CVE-2010-3081,
Important)

A missing upper bound integer check was found in the sys_io_submit()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3067, Low)

Red Hat would like to thank Ben Hawkes for reporting CVE-2010-3081, and
Tavis Ormandy for reporting CVE-2010-3067.
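
A missing upper bound on a count, as described for CVE-2010-3067, matters when the count is multiplied by an element size before a range check: a very large count wraps to a small length and the check passes. The user-space C model below is an added illustration, not kernel or Red Hat code; the function names, MODEL_USER_LIMIT, ELEM_SIZE and the sample values are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed values for this model; not taken from the kernel. */
#define MODEL_USER_LIMIT 0x00007fffffffffffULL /* top of the modelled user range */
#define ELEM_SIZE 8ULL                         /* size of one array element */

/* Is [addr, addr + len) entirely inside the modelled user range? */
static int range_ok(uint64_t addr, uint64_t len)
{
    return len <= MODEL_USER_LIMIT && addr <= MODEL_USER_LIMIT - len;
}

/* Before: multiply first. A huge count wraps modulo 2^64 to a small length,
 * so the range test passes although the count itself is absurd. */
int validate_unchecked(uint64_t addr, int64_t nr)
{
    uint64_t len = (uint64_t)nr * ELEM_SIZE;
    return range_ok(addr, len);
}

/* After: bound the count first, so the multiplication cannot wrap. */
int validate_checked(uint64_t addr, int64_t nr)
{
    if (nr < 0 || (uint64_t)nr > (uint64_t)INT64_MAX / ELEM_SIZE)
        return 0;
    return range_ok(addr, (uint64_t)nr * ELEM_SIZE);
}

int main(void)
{
    const uint64_t addr = 0x1000;                /* constructed sample address */
    const int64_t sane = 16;
    const int64_t huge = ((int64_t)1 << 61) + 1; /* (2^61 + 1) * 8 wraps to 8 */

    printf("sane count: unchecked=%d checked=%d\n",
           validate_unchecked(addr, sane), validate_checked(addr, sane));
    printf("huge count: unchecked=%d checked=%d\n",
           validate_unchecked(addr, huge), validate_checked(addr, huge));
    return 0;
}
```
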

This update also fixes the following bugs:

The RHSA-2010:0631 kernel-rt update resolved an issue (CVE-2010-2240)
where, when an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring. This update implements the official upstream fixes for that
issue. Note: This is not a security regression. The original fix was
complete. (BZ#624604)

In certain circumstances, under heavy load, certain network interface
cards using the bnx2 driver, and configured to use MSI-X, could stop
processing interrupts and then network connectivity would cease.
(BZ#622952)

This update upgrades the tg3 driver to version 3.110. (BZ#640334)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be rebooted for
this update to take effect.